ABSTRACT



A CPU is provided with an ability to modify its operation in 
accordance with an encryption key. When a program is 
compiled, the program is modified in order that execution 
may be performed with the CPU with its operation modified. 
As a result, it is unnecessary to decrypt the program into 
standard op codes prior to execution. The keyed program 
operation permits secure transfer of program data through 
open channels such as the Internet. A programmable instruction
decoder programmably decodes encrypted instruction
op codes, without decrypting them into standard op codes.
Logic is used to accomplish network handshaking. The
network handshaking is further used to provide additional key
information for continued operation of the CPU.

43 Claims, 11 Drawing Sheets 
SECURE EXECUTION OF PROGRAM
INSTRUCTIONS PROVIDED BY NETWORK 
INTERACTIONS WITH PROCESSOR 

CROSS-REFERENCE TO RELATED 
APPLICATIONS 

U.S. patent application Ser. No. 09/377,343, entitled
Microprocessor in Which Logic Changes During Execution, 
U.S. patent application Ser. No. 09/377,298, entitled Execu- 
tion of Instructions Using Op Code Lengths Longer Than 
Standard Op Code Lengths to Encode Data, U.S. patent 
application Ser. No. 09/376,655, entitled Secure Program 
Execution Using Instruction Buffer Interdependencies, U.S. 
patent application Ser. No. 09/376,654, entitled Secure Pro- 
gram Execution Depending on Predictable Error Correction, 
U.S. patent application Ser. No. 09/377,344, entitled Logic 
Block Used to Check Instruction Buffer Configuration, and 
U.S. patent application Ser. No. 09/377,299, entitled Micro- 
processor Instruction Result Obfuscation, all invented by 
Alan C. Folmsbee and commonly assigned, share common 
subject matter. These applications are incorporated by ref- 
erence herein in their entirety. 

FIELD OF THE INVENTION 

This invention relates to a system for copy and use 
protection of information which incorporates computer pro- 
gram instructions. More specifically, it relates to network 
transfer of program information which is secured for use 
with selected processors. 

BACKGROUND OF THE INVENTION 

One problem with the use of public networks for transfer 
of software is the difficulty in preventing unauthorized use 
of the software. In cases where the purpose of the software 
is to provide access to services, there is a strong incentive for 
adversaries to attempt to enable the software for such 
unauthorized use. 

To protect computer software, there is accordingly often 
a need to restrict its use. This may be accomplished by end 
user agreements, wherein the user agrees to only use the 
software on one or more agreed upon computers. In other 
cases, the software can be freely copied, so that piracy 
restrictions are accomplished either by end user agreement 
or by simple techniques such as the requirement to use a 
product serial number to enable use of the software. While 
this may discourage software piracy and copying, it does not 
completely prevent a determined software pirate from repro- 
ducing the program along with one or more enabling serial 
numbers or keys. 

It is possible to specifically identify individual CPUs. In 
that way, each CPU can be separately identified by a serial 
number encoded into the CPU. Identification can be accom- 
plished by laser marking of the CPU package with a serial 
number. Further, it is possible to provide a serial number 
which can be read out by the end user during execution with 
appropriate instructions. 

It is possible to provide more elaborate protective systems 
for encoding the software, by use of proprietary hardware 
components for example, or even by requiring the end user 
to comply with registration requirements in order to enable 
software operation. In that respect, the encryption scheme 
for the program ensures that the program is executable in 
unencrypted form, at least with respect to the instruction sets 
provided to the CPU. In other words, the instructions 
provided to the CPU are in a form that is understandable by 
the CPU prior to CPU execution. Thus, it is easy for an
unauthorized user to determine what is necessary to operate 
the programs successfully. 

It is often desired to provide software and updates of
software to end users in such a manner that the software is
transferred through public channels, such as the Internet. To
provide such software in restricted form, it is desired to
provide security to the distributor of the software so that the
software is not subject to unauthorized use. In particular, if
software is shipped via public or private channels, it is
desired that the end user of the software can only use the
software on the end user's specified computer, and that the
software not be willingly or unwillingly shared by the end
user. By computer, it is intended that this includes personal
computers, smart cards, work stations, dedicated CPUs
embedded in hardware appliances, and any other device in
which integrated circuit (IC) microprocessors may be used.

In some programs, the cost of the programs to the end user
is such that it becomes economical for third parties to
determine what is necessary to circumvent restrictions on
use by unauthorized persons. Therefore, it is desired to make
the unauthorized duplication or use of a program uneconomical.
In order to do that, it is desired to provide an
encryption scheme which prevents unauthorized persons
from "attacking" the encryption of the software through
analysis of the input and output of user commands and
instruction sets from the software. It is further desired to
provide a software encryption technique in which there are
no external indicia of a decryption technique which can be
used to analyze the encryption of the software. It is further
desired that software be encrypted in such a manner that it
is unnecessary to decrypt the software in order to accomplish
execution of the software.

SUMMARY OF THE INVENTION

According to the invention, a particularly configurable
microprocessor is used for processing computer programs
which are selectively operable on that particular processor.
The microprocessor includes a storage location for a key,
and an instruction decoder which is programmable to decode
encrypted instruction op codes when supplied with key
information, without decrypting the op codes into standard
op codes. Logic circuitry is used to require network
handshaking, and the network handshaking is used to provide
additional key information for continued operation of the
microprocessor.

More particularly according to the invention, network
handshaking is used in association with computer programs
which are selectively operable on a particularly configurable
processor. An instruction decoder is programmable so that it
decodes encrypted instruction op codes, without decrypting
them into standard op codes. Logic circuits establish a
requirement for network handshaking, and the network
handshaking provides additional key information for continued
operation of the microprocessor.

According to one aspect of the invention, a CPU is
provided with an ability to modify its operation in accordance
with an encryption key. When a program is compiled,
the program is modified in order that execution may be
performed with the CPU with its operation modified. As a
result, it is unnecessary to decrypt the program into standard
op codes prior to execution. The keyed program operation
permits secure transfer of program data through open channels
such as the Internet. A programmable instruction
decoder programmably decodes encrypted instruction op
codes, without decrypting them into standard op codes.
Logic is used to accomplish network handshaking. The
network handshaking is further used to provide additional key
information for continued operation of the microprocessor.

According to a further aspect of the invention, a CPU is
provided with an ability to modify its operation in accordance
with an encryption key. When a program is compiled,
the program is modified in order that execution may be
performed with the CPU with its operation modified. As a
result, it is unnecessary to decrypt the program into standard
op codes prior to execution. The keyed program operation
permits secure transfer of program data through open channels
such as the Internet. A programmable instruction
decoder programmably decodes encrypted instruction op
codes, without decrypting them into standard op codes.
Logic is used to accomplish network handshaking. The
network handshaking is further used to provide additional key
information for continued operation of the microprocessor.

According to the invention, keyed program operation
permits secure transfer of program data through open channels
such as the Internet. A programmable instruction
decoder programmably decodes encrypted instruction op
codes, without decrypting them into standard op codes.
Logic is used to accomplish network handshaking. The
network handshaking is further used to provide additional key
information for continued operation of the microprocessor.

According to a further aspect of the invention, computer
programs are compiled for operability on particular processors.
Encrypted instruction op codes are provided for
execution by an instruction decoder to decode without
decrypting into standard op codes. Additional key information
provided through network handshaking is used to
permit continued operation of the microprocessor.

In one embodiment, a microprocessor uses a programmable
instruction decoder to decode encrypted instruction
op codes. The decoding is accomplished without decrypting
the op codes and the logic gates of the logic circuitry
immediately process data upon receipt without prior decryption.
The data representation of the op codes is changeable
during the execution.

A secure key is used in configuring both the encrypted
software with a compiler and the microprocessor system
executing the encrypted software so that the instructions
provided by the compiler are only executable by an IC which
uses the same key. This key is stored on the IC in non-volatile
memory, and it controls the instruction decoder, the reconfigurable
logic, the signal routing, the error corrections to the
instructions executed, the sequencer circuit, and instruction
buffer content interdependency checking circuitry. The key
also determines the program counter operations which
would not be incremented in the usual manner. The key also
controls instruction result obfuscation circuits so that common
microprocessor results, such as the ANDing of two
operands, are not easily recognized by the surreptitious
observer. The key controls memory mapping in the IC so
that physically fixed memory resources are allocated in
different ways for ICs with different keys.

Optionally, data may be used in various numeric representations
which do not constitute encryption. These data
representations would be of varieties which can be immediately
evaluated by logic circuits. The data resulting from
program execution would be output from the IC in blocks
which are larger than usual block sizes so that adversaries
would have more difficulty in benefitting from knowledge of
the data results. Data coding is of secondary importance in
this invention, while instruction coding is of primary importance.
The varying data numeric representations are not
expected to provide much security from highly skilled
experts, but they are expected to prevent unskilled adversaries
from understanding the data. This technique raises a
barrier against some adversaries, without using data encryption.
The compiler will be notified, by means of the key
distribution [illegible], of the variable data numeric
representations so that it [illegible] compile instructions and data
which conform to the representations which the IC is
prepared to handle.

Normally, the user will never need to load a secret key, but
[illegible] of loading
secret keys, or of using the internal key generation
procedure, described in the next paragraph. There is no
function available to read keys out of the microprocessor
chip after they have been stored in non-volatile memory, but
an authorized [illegible] can erase [illegible] of the keys. The
trustworthiness of the IC manufacturer is not provable, but it is a goal
of this design to include no hardware on the IC that provides
a back door for the manufacturer to use. Software can be
loaded into the chip to perform secret functions that are not
provided by any special hardware, but no software has the
power to control all of the hardware.

The keys for the IC and the compiler may be chosen at
random and given to the compiler and IC by secure means.
However, the following description is one in which the IC
creates the keys. The keys are generated by an on-chip
random number generator and are kept temporarily in RAM.
A public key for a software vendor is entered into the IC and
the key is encrypted with that public key. This encrypted key
is sent to the software vendor so that a purchased program
can be compiled to produce instructions that will only be
executable by the IC that created the key. The IC uses the
key to produce the custom instruction decoder functions by
programming non-volatile memory cells in the instruction
decoder. The IC then expands the key into an "expanded
key" and stores this expanded key in non-volatile memory
cells around the IC. These bits of the expanded key control
switching circuits, reconfigure logic, and in general, customize
the IC to implement all of the security features
described in more detail in the remainder of this text and
figures.

According to a further aspect of the invention, the invention
may be a coprocessor in a system with an ordinary CPU,
with the output of the CPU provided to the user's computer.
In one variation of the invention, the inventive CPU would
be provided with multiple keys, including a fixed key, and
keys which are changed at different periodic rates, such as
yearly, monthly and at lesser time periods.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a diagram which illustrates major components of
the inventive CPU, in which instructions are compiled for
execution by the specific CPU;

FIG. 2 is a diagram which illustrates how instructions are
routed from the instruction buffer of the microprocessor
under control of keyed switch bits;

FIG. 3 is a diagram which shows an example of an
implementation of the encryption done by the compiler
according to the invention;

FIG. 4 is a diagram which shows the reverse wire crossing
done by the CPU according to one embodiment of the
invention;

FIG. 5 is a diagram which shows how interdependences
between operations are checked in the instruction buffer;

FIG. 6 (prior art) is a diagram which illustrates how
memory placement on a typical microcontroller is implemented;
FIG. 7 is a diagram which illustrates how memory placement
according to the present invention differs from ordinary
microcontrollers;

FIG. 8 is a diagram which illustrates where the ROM
sections may be placed in a microprocessor system according
to the invention;

FIG. 9 is a diagram which illustrates how instruction
results are obfuscated;

FIG. 10 is a diagram which shows how multiple access
flags can be placed within a CPU according to the present
invention;

FIG. 11 is a diagram which shows network interactions
used to provide program update data; and

FIG. 12 is a flow chart showing updating of key information
in accordance with the present invention.

DETAILED DESCRIPTION OF THE
INVENTION

FIG. 1 is a diagram of a microprocessor system according
to the present invention. In the embodiment shown, the
microprocessor system includes a CPU 11 fabricated on a
single chip. The CPU 11 according to the invention includes
reconfigurable logic 13, a programmable instruction decoder
15, fixed data stores such as a serial number block 17, ROM
19, and variable data stores such as a random number
generator 21, RAM 23, and E²PROMs 31-35. A control
circuit 37 and check logic system 39 are also included on the
CPU 11. The diagram further shows the flow of encrypted
information from a compiler 41, which produces a software
program for the inventive CPU 11. It is of course understood
that the software content can be transferred indirectly to the
microprocessor system, and may involve intermediate program
storage as well as other peripheral functions.

Software is provided for execution on the CPU 11 in a
selected language subject to compilation into standard
op-codes. Then these op-codes are encrypted using a key
which matches the key used for configuring the inventive
CPU 11 during execution. The encrypted OP-codes are
combined with camouflage or surplus bits according to one
aspect of the present invention and the resulting code string,
thus, has its bits permuted according to the key. The resulting
bit string is then gathered into long instruction words,
such as 128 bit words, and these long words are gathered
into multi-word groups that will fit in the instruction buffer
of the CPU 11. Some camouflage bits are replaced by
interdependency bits that will be dependent on other
interdependency bits in other long instruction words. These
encrypted long instruction words may then be distributed
without further protection to the CPU 11 having the matching
key configuration. The encrypted instructions are thus in
a form that can only be executed by a microprocessor
configured according to the matching key. When the instruction
buffer of the CPU 11 is loaded with several long
instruction words, interdependencies are checked by logic
gates, permutations are reversed, and encrypted op-codes are
recovered. Decryption is not performed to provide standard
op-codes, because the instruction decoder on the CPU 11
responds to encrypted op-codes. Some of the camouflage
bits are error correcting codes to be used on errors that were
intentionally put in the instructions or data.

In FIG. 1, the CPU 11 is shown including predetermined
functional blocks including logic circuitry, represented at 13.
In order to allow the CPU 11 to execute programs which are
encrypted, the CPU 11 also includes a programmable
instruction decoder 15 as well as circuitry to store information
specific to that particular CPU 11. This specific information
includes serial number information 17, additional
identification information in ROM 19, a random number
generator 21, and random access memory 23. The logic 13
is structured so as to be reconfigurable according to key bits,
ROM bits and externally provided instructions.

The CPU 11 is configured with a distributed
plurality of memory stores used for specific decoding information
and for increasing the level of security. In one
embodiment, these memory stores are provided as
E²PROMs 31-35. The use of E²PROMs permits the information
to be rewritten to the CPU 11 but to remain as
nonvolatile. The E²PROMs 31-35 are used to specify particular
configurations of the reconfigurable logic 13 of the
CPU 11.

According to the invention, once the CPU 11 is configured
in a particular way, in order to use the particular
configuration, it is necessary to compile program instructions
which are modified in order to be executable by the
particularly modified CPU 11. This is represented by the
depiction of the compiler 41 connected to the CPU 11 by a
communications line 43. If there is a change in the logic and
op codes during program execution, these changes are
coordinated in order to enable continuous execution.

Keys used for encryption and corollary configuration
may be chosen at random. Each key is expanded according
to one embodiment to a longer set of non-volatile bits that
control the microprocessor's logic customization, and may
be called "switch bits". Some of the key bits control the
instruction decoding and other key bits control hardware
memory and logic allocation. These parts of the key may be
controlled independently.

A Microprocessor as a Block Cipher

FIG. 2 is a block diagram of the programmable instruction
decoder system 15 including an instruction buffer 51 containing
multiple registers 53, 55, and 57; and associated
multiplexers 63, 65, and 67 which are connected to the
multiple registers 53-57. FIG. 2 also shows a multiplexer
control circuit 69 and a sequencer 71 which is part of the
control logic system 37. The registers 53-57 in the instruction
buffer 51 are used to store instruction words processed
by the CPU 11, and the multiplexers 63-67 receive multiplex
control codes from the multiplexer control circuit 69
which in turn receives instruction codes from the sequencer
71 in turn. The sequencer 71 in turn determines a particular
sequence that the registers 53-57 deliver their data for
further processing, so that it is possible to provide this data
from the registers 53-57 in different orders, as determined
by the sequencer 71. In addition, the multiplexers 63-67 can
be used to control other functions. By way of example,
multiplexer 63 is shown controlling a sequencer reset code
stored at block 75. Error correcting codes stored at block 77
are controlled by multiplexer 65, which controls error correction
operation, as represented at block 79. The error
correction circuitry 79 is also supplied with key bits stored
at block 81. Op codes received from multiplexers 63-67 are
held at register 83, after being processed by the error
correction circuitry 79. It is noted, however, that it is also
possible to provide information from the different multiplexers
63-65 to different circuits. By way of example,
multiplexer 63 provides configuration information to the
error correction control circuit 77.

Since the execution of the code, as encrypted, is accomplished
by the operation of the microprocessor, no actual
decryption algorithm is needed. Therefore, it is possible to
operate encrypted instructions in a computer without
decryption. This protects encrypted programs from attacks
during encryption. This also makes it possible to provide
secure software to persons who are not eligible to receive
data decryption programs.

Mapping of a "block cipher" according to the present
invention to a complicated microprocessor hardware basis
enable logic reconfiguration. In the past, block ciphers have
operated on abstract information, with the microprocessor
that performs the cipher being an exact copy of many other
ICs. The invention changes the paradigm from the realm of
abstract information into the realm of reconfigurable logic
that forms a machine. Instead of manipulating data in
complicated ways using concepts that are intended to create
bewildering informational complexity, this invention
manipulates complicated hardware using concepts that
should present adversaries with an IC that seldom has the
same major signals used on the same conductors for different
ICs. Each CPU chip produced, according to the present
invention, has an instruction set that can be different from
the instruction set of any other processor. It is not data that
is being descrambled by a standard microprocessor, it is a
microprocessor that is configured to execute particularly
scrambled code. Complexity theory is used in the logic
reconfiguration and in the input and output codings so that
the degree of complexity may be compared to the complexities
produced by ordinary block ciphers.

Errors which are Introduced Intentionally

Encrypting of the software is accomplished, according to
one aspect of the present invention, by errors which are
intentionally placed in the data and/or into the instructions.
The errors are then error-corrected by on-chip circuitry.
Since there are a variety of ways to perform error correction,
the particular form of error correction is selected at the time
of instruction encryption and that particular form of error
correction is used to correct the errors on-chip. By way of
example, the error correction may be a form of Hamming
code. Since there is more than one way to perform this type
of error correction, the data or instructions would be essentially
useless without providing the information concerning
the particular type of Hamming code being used.

These codes can come in many varieties, and they can be
key-dependent. The long instruction words may contain
modifications to the error correcting codes to that data and
can have varying error types and correction types.

Program Executed without Requirement for Decryption

The inventive CPU 11 is not a data decryption device,
according to the present invention. The inventive CPU 11 is
designed to receive scrambled instructions but not to decrypt
them. Instead, it uses scrambled instructions and outputs
results from calculations by operating in a mode that accommodates
the particular encrypted form of the data. The
programs themselves can be written in such a way that data
decryption is performed. Optionally, data encryption and
decryption software can be written for the inventive CPU 11,
as for any other CPU, but that is not the focus of this
invention. The "Complexity Theory" which may be applied
to an implementation of this invention would provide an
analysis of the work complexity magnitude which the
scrambling and transformations provide. This work complexity
is adjustable by the computer architects who specify
the detailed implementation of this invention. It is envisioned
that the complexity will be on the order of 2^55
operations, similar to that of "weak cryptography". That
amount of work would enable an adversary to produce
instructions which perform the same calculations as the
encrypted instructions.

FIG. 2 illustrates how instructions are used from the
instruction buffer under control of keyed switch bits that
change the wiring of the logic signals. These signals eventually
go to the instruction decoder. The program counter
will not be operated by incrementing by one. It will be
incremented by m, a number determined by the key, the
serial number, the sequencer 71, and the instruction buffer
non-instruction contents and instruction contents. Addresses
for instructions that are executed in sequence are not sequential
addresses, but are arranged by the compiler to be loaded
into memory locations which conform to the program
counter incrementation plan. For example, if "long instruction
words" are 128 bits long, and each instruction has 9
OP-codes, and there are 4 long instruction words in the
instruction buffer, then the program counter may increment
by amounts from 2 to 18 (modulo 9*4). The compiler would
have provided for this scheme by gathering op-codes into
locations planned with this incrementation plan taken into
account.

The sequencer circuit 71 is included so that more complexity
is designed into the instruction execution operations.
Some of the key bits are used to initialize the sequencer 71
when it is reset. Then the sequencer 71 produces a new
output code on each n clock cycles. This code will be
logically combined with encrypted instructions to feed codes
to the instruction decoder. The compiler shares sequencer
information in common with the CPU 11 because they share
a common key, so the encrypted op-codes are prepared for
the logical combinations which the sequencer 71 will provide.
This increases the complexity by making each instruction
have a varying code that depends on the sequencer 71.
For example, the ANDing instruction would have one code
the first time it is used, and a different code the second time
it is used. The number n, which is the number of clock cycles
between new sequencer codes is designed in coordination
with the data output block size. If the data output block size
is 1 byte, n is 1. If the data output block has 8 bytes, n may
be up to 8. The intention is to obscure the relationship
between an encrypted op-code and a result so that adversaries
cannot simply feed chosen OP-codes and data to the
CPU 11 and observe a simple relationship between them.
With this plan, the adversary will observe that a block of
output data has a complicated relationship with chosen data
inputs and chosen long instruction words loaded into the
instruction buffer. The CPU 11 will require that the instruction
buffer be filled before any data results are output.

Complexity theory is used in the logic reconfiguration.
Adversaries who try to observe the signals on the CPU 11
will encounter more variability than on ordinary ICs. Logic
functions will be allocated depending on the key and on the
sequencer 71. Each CPU 11 with a different key uses
different metal lines and other conductors to use different
logic gates for standard functions of a microprocessor.

A memory remapping capability will be implemented on
the CPU 11 so that memory resources on the CPU 11, which
have fixed locations on the silicon chip, will be allocated to
be used for different program variables, depending on the
key.

Instructions Longer than Minimum

As an example, each instruction may be 128 bits wide (16
bytes). Also suppose standard op-codes are one byte each. If
only 9 encrypted op codes are put in the 16 byte instruction,
this leaves 7 bytes for camouflage, error correcting codes,
sequencer reset codes, and interdependency codes. A wire
crossing will permute the 128 bits when the compiler creates
the 128 bit instruction, and the CPU 11 with the right key
will reverse this wire crossing before using op-codes for the
instruction decoder. The op-codes are well-known in the art
of microprocessors and are a form of an abbreviated instruction
set. An example of op codes are shown in Appendix 5
(page 316) of Malvino, Digital Computer Electronics, sec-
ond ed, 1983, ISBN 0-07-39901-8. 
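
The 128-bit long instruction word and the sequencer described above (9 one-byte op codes plus 7 filler bytes, a keyed wire crossing that the CPU reverses, and a sequencer code that gives the same instruction a different encoding on each use), modelled in software as an added example that is not part of the patent text. The SHA-256 key expansion, the odd-stride sequencer with n = 1, the five op code values and all function names are assumptions made for illustration.

```python
import hashlib

WORD_BYTES, OPS_PER_WORD = 16, 9   # 128-bit word, 9 op codes, 7 filler bytes (from the text)
# Hypothetical one-byte standard op codes; the text does not list any.
STANDARD_ISA = {0x00: "NOP", 0x01: "LOAD", 0x02: "ADD", 0x03: "AND", 0x04: "STORE"}

def expand_key(key: bytes, label: bytes, n: int) -> bytes:
    """Stand-in key expansion (SHA-256 in counter mode); the text does not specify one."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + label + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]

def keyed_permutation(key: bytes, label: bytes, size: int) -> list:
    """Fisher-Yates shuffle of range(size) driven by expanded key bits."""
    stream = expand_key(key, label, 4 * size)
    perm = list(range(size))
    for i in range(size - 1, 0, -1):
        j = int.from_bytes(stream[4 * i:4 * i + 4], "big") % (i + 1)
        perm[i], perm[j] = perm[j], perm[i]
    return perm

def sequencer_code(key: bytes, step: int) -> int:
    """Model sequencer, n = 1: keyed start value and odd stride, so the code
    differs between any two steps less than 256 apart."""
    seed, stride = expand_key(key, b"sequencer", 2)
    return (seed + step * (stride | 1)) & 0xFF

def to_bits(data: bytes) -> list:
    return [(byte >> (7 - k)) & 1 for byte in data for k in range(8)]

def from_bits(bits: list) -> bytes:
    return bytes(int("".join(map(str, bits[k:k + 8])), 2) for k in range(0, len(bits), 8))

def encrypt_opcodes(key: bytes, opcodes: list, word_index: int) -> bytes:
    """Op code translator: keyed substitution, pre-combined with each slot's sequencer code."""
    sub = keyed_permutation(key, b"opcode", 256)
    base = word_index * OPS_PER_WORD
    return bytes(sub[op] ^ sequencer_code(key, base + slot) for slot, op in enumerate(opcodes))

def compile_word(key: bytes, opcodes: list, filler: bytes, word_index: int) -> bytes:
    """Compiler side: 9 encrypted op codes + 7 filler bytes, then the keyed wire crossing."""
    if len(opcodes) != OPS_PER_WORD or len(filler) != WORD_BYTES - OPS_PER_WORD:
        raise ValueError("need 9 op codes and 7 filler bytes")
    bits = to_bits(encrypt_opcodes(key, opcodes, word_index) + filler)
    wires = keyed_permutation(key, b"wires", 8 * WORD_BYTES)
    crossed = [0] * len(bits)
    for src, dst in enumerate(wires):
        crossed[dst] = bits[src]
    return from_bits(crossed)

class KeyedCPU:
    """CPU side: the decoder table is indexed by encrypted op codes, so no
    standard op code is ever reconstructed."""
    def __init__(self, key: bytes):
        self.key = key
        self.wires = keyed_permutation(key, b"wires", 8 * WORD_BYTES)
        sub = keyed_permutation(key, b"opcode", 256)
        self.decoder = {sub[std]: name for std, name in STANDARD_ISA.items()}

    def execute_word(self, word: bytes, word_index: int) -> list:
        crossed = to_bits(word)
        uncrossed = from_bits([crossed[dst] for dst in self.wires])  # reverse the wire crossing
        base = word_index * OPS_PER_WORD
        names = []
        for slot, code in enumerate(uncrossed[:OPS_PER_WORD]):       # filler bytes are ignored
            combined = code ^ sequencer_code(self.key, base + slot)
            names.append(self.decoder.get(combined, "ILLEGAL"))
        return names

if __name__ == "__main__":
    key = bytes.fromhex("00112233445566778899aabbccddeeff")          # constructed sample key
    ops = [0x01, 0x01, 0x03, 0x04] + [0x00] * 5                       # LOAD LOAD AND STORE NOP x5
    filler = expand_key(key, b"camouflage", WORD_BYTES - OPS_PER_WORD)
    for index in (0, 1):
        word = compile_word(key, ops, filler, index)
        print(index, word.hex(), KeyedCPU(key).execute_word(word, index))
    first = compile_word(key, ops, filler, 0)
    print("wrong key:", KeyedCPU(b"some other key").execute_word(first, 0))
```

The same nine op codes compile to different 16-byte words at word index 0 and 1, and a CPU model built from a different key decodes mostly `ILLEGAL`, which is the behaviour the text relies on rather than any decryption step.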

FIG. 3 shows an example of an implementation of the 
encryption done by the compiler 41 and FIG. 4 shows the 
reverse wire crossing done by the CPU 11. Referring to FIG. 
3, the compiler 41 receives information from a program 
source at an input circuit 101 and outputs encrypted instructions
to the CPU at an output circuit 103. The output at 103
is encrypted for the particular CPU 11, as identified by a key 
provided by the software vendor and a serial number of the 
CPU, stored on the CPU 11 at 17 (FIG. 1). The key and the 
serial number are expanded at key expansion circuit 111. 
The key expansion circuit provides information to an op 
code translator 113, an error production circuit 115, a 
sequencer scheduler 117 and an instruction buffer model 
119. Op codes are provided by software source code from 
the input 101 and translated into object code at an op code 
compiler 121. The compiled op code is translated by the op 
code translator 113 in accordance with the expanded key 
from the key expansion circuit 111. The translated op codes 
are then provided to the instruction buffer model 119. The 
instruction buffer model 119 performs wire crossings of bits 
to form encrypted instructions. 

The error production circuit 115 inserts errors in an 
instruction set stored in the instruction buffer model. Since 
the CPU 11 includes an error correction circuit 79, it is 
possible to use the errors provided by the error production 
circuit to insert errors which are correctable in a predictable 
fashion. The error correction circuit 79 is then able to perform
error correction in a predictable fashion in accordance with 
error correction data supplied by error correction code 
circuit 77. The error production circuit 115 receives its 
control information from the key expansion circuit 111 and 
therefore the types of errors produced match those which 
can be anticipated to be corrected. Moreover, certain classes 
of errors can be safely inserted assuming a known error 
correction algorithm is being used. The successful correc- 
tion of these errors can be presumed, but only if the known 
error correction algorithm is used. Therefore, the successful 
correction of intentionally inserted errors by the error cor- 
rection circuit 79 can be assured. 
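The predictable error insertion described above, as an added example (not code from the patent): each op code nibble is encoded, one bit is flipped at a key-scheduled position, and the corrector both repairs the bit and checks that the error sat where the key said it would. The Hamming(7,4) code, the SHAKE-256 error schedule, the comparison of each syndrome with the scheduled position and all sample values are assumptions chosen for illustration.

```python
import hashlib

DATA_POSITIONS = (3, 5, 6, 7)    # Hamming(7,4): parity bits occupy positions 1, 2, 4


def hamming_encode(nibble: int) -> int:
    """Encode 4 data bits into a 7 bit codeword (bit k of the result is position k+1)."""
    bits = [0] * 8                               # index 0 unused
    for shift, pos in enumerate(DATA_POSITIONS):
        bits[pos] = (nibble >> shift) & 1
    for parity_pos in (1, 2, 4):
        for pos in range(1, 8):
            if pos != parity_pos and pos & parity_pos:
                bits[parity_pos] ^= bits[pos]
    return sum(bits[pos] << (pos - 1) for pos in range(1, 8))


def syndrome(code: int) -> int:
    """XOR of the positions of all 1 bits: 0 when clean, else the single-error position."""
    result = 0
    for pos in range(1, 8):
        if (code >> (pos - 1)) & 1:
            result ^= pos
    return result


def read_data(code: int) -> int:
    """Read the four data bits directly, with no correction applied."""
    return sum(((code >> (pos - 1)) & 1) << shift
               for shift, pos in enumerate(DATA_POSITIONS))


def error_schedule(key: bytes, serial: bytes, count: int) -> list:
    """Key-dependent error position (1..7) for each codeword (assumed expansion)."""
    stream = hashlib.shake_256(b"errors|" + key + b"|" + serial).digest(count)
    return [1 + byte % 7 for byte in stream]


def compiler_emit(nibbles: list, key: bytes, serial: bytes) -> list:
    """Error production circuit 115 side: encode, then flip the scheduled bit."""
    schedule = error_schedule(key, serial, len(nibbles))
    return [hamming_encode(n) ^ (1 << (pos - 1)) for n, pos in zip(nibbles, schedule)]


def cpu_correct(codes: list, key: bytes, serial: bytes):
    """Error correction circuit 79 side: correct each word and report whether
    every error was found at the position the key predicts."""
    schedule = error_schedule(key, serial, len(codes))
    data, as_expected = [], True
    for code, expected_pos in zip(codes, schedule):
        found = syndrome(code)
        if found != expected_pos:
            as_expected = False
        if found:
            code ^= 1 << (found - 1)
        data.append(read_data(code))
    return data, as_expected


# Constructed sample values, not taken from the patent.
KEY = bytes.fromhex("00112233445566778899aabbccddeeff")
SERIAL_A = b"chip-A-0001"
SERIAL_B = b"chip-B-0002"
NIBBLES = [0x3, 0xA, 0x7, 0xC, 0x9, 0x1, 0xE, 0x5,
           0x0, 0xF, 0x6, 0x2, 0xB, 0x4, 0xD, 0x8]

if __name__ == "__main__":
    codes = compiler_emit(NIBBLES, KEY, SERIAL_A)
    print("read without correction:", [hex(read_data(c)) for c in codes])
    print("chip A corrects        :", cpu_correct(codes, KEY, SERIAL_A))
    print("chip B corrects        :", cpu_correct(codes, KEY, SERIAL_B))
```

Any Hamming decoder recovers the data, so the inserted errors hide the op codes only from a reader that skips correction; it is the agreement between observed and scheduled error positions that ties the stream to one key and serial number.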

The instruction buffer therefore provides output instruc- 
tions which include translated op codes, the errors, the 
sequence scheduling information from the sequence sched- 
uler 117, and key expansion information. This data is 
provided to the output circuit for providing encrypted com- 
piled instructions along communication line 43. 

In FIG. 4, long instruction words are used in the instruc- 
tion buffer 51 of FIG. 2 which permit reverse wire crossing 
by the CPU 11. Each of the multiple instruction registers 
53-57 includes more bits than are used to provide the op 
codes provided at instruction decoder 83. As represented in 
FIG. 4, the locations of bits within these instruction buffers 
is randomized according to the expanded key. The connec- 
tions between the individual bits in the multiple buffers 
53-57 is therefore random, as represented by the errors in 
FIG. 4. There are, however, no hard wire connections from 
specific bits in the multiple instruction buffers 53-57 to the 
instruction decoder 83; instead, the data from the registers 
53-57 are provided to the instruction decoder 83 through the 
multiplexers 63-67 shown in FIG. 2. 
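The wire crossing of FIGS. 3 and 4, modelled in software as an added example (not code from the patent): the compiler side permutes a 128 bit instruction word under a permutation expanded from the key and serial number, and the CPU side applies the reverse crossing. The SHAKE-256 key expansion, the 32 bit op code field and all sample values are assumptions made for illustration.

```python
import hashlib

WORD_BITS = 128      # instruction word width given in the text
OPCODE_BITS = 32     # assumed op code field; the rest of the word is camouflage


def wire_crossing(key: bytes, serial: bytes) -> list:
    """Expand key and serial number into a permutation of the 128 bit positions.

    Stand-in for key expansion circuit 111. SHAKE-256 and the Fisher-Yates
    shuffle are assumptions; the patent does not name an algorithm.
    """
    stream = hashlib.shake_256(b"wire-crossing|" + key + b"|" + serial).digest(4 * WORD_BITS)
    perm = list(range(WORD_BITS))
    for i in range(WORD_BITS - 1, 0, -1):
        draw = int.from_bytes(stream[4 * i:4 * i + 4], "big") % (i + 1)
        perm[i], perm[draw] = perm[draw], perm[i]
    return perm


def invert(perm: list) -> list:
    """Return the reverse wire crossing applied inside the CPU."""
    inverse = [0] * len(perm)
    for out_bit, in_bit in enumerate(perm):
        inverse[in_bit] = out_bit
    return inverse


def cross(word: int, perm: list) -> int:
    """Route input bit perm[i] to output bit i, as a bank of crossed wires would."""
    out = 0
    for out_bit, in_bit in enumerate(perm):
        out |= ((word >> in_bit) & 1) << out_bit
    return out


def compiler_encode(opcode: int, camouflage: int, key: bytes, serial: bytes) -> int:
    """Compiler 41 side: pad the op code with camouflage bits, then cross the wires."""
    word = (opcode & ((1 << OPCODE_BITS) - 1)) | (camouflage << OPCODE_BITS)
    word &= (1 << WORD_BITS) - 1
    return cross(word, wire_crossing(key, serial))


def cpu_decode(encrypted: int, key: bytes, serial: bytes) -> int:
    """CPU 11 side: undo the crossing and hand the op code field to the decoder."""
    plain = cross(encrypted, invert(wire_crossing(key, serial)))
    return plain & ((1 << OPCODE_BITS) - 1)


def popcount(word: int) -> int:
    """Number of 1 bits in the word."""
    return bin(word).count("1")


# Constructed sample values, not taken from the patent.
KEY = bytes.fromhex("00112233445566778899aabbccddeeff")
SERIAL_A = b"chip-A-0001"
SERIAL_B = b"chip-B-0002"
OPCODE = 0x3A7C91E5
CAMOUFLAGE = 0x5DEECE66D1234ABCDEF01234      # 96 filler bits

if __name__ == "__main__":
    enc_a = compiler_encode(OPCODE, CAMOUFLAGE, KEY, SERIAL_A)
    enc_b = compiler_encode(OPCODE, CAMOUFLAGE, KEY, SERIAL_B)
    print("same program, two chips:", hex(enc_a), hex(enc_b))
    print("chip A decodes its word:", hex(cpu_decode(enc_a, KEY, SERIAL_A)))
    print("chip B decodes A's word:", hex(cpu_decode(enc_a, KEY, SERIAL_B)))
    plain_word = OPCODE | (CAMOUFLAGE << OPCODE_BITS)
    print("1 bits before and after:", popcount(plain_word), popcount(enc_a))
```

A bit permutation leaves the count of 1 bits unchanged, so the crossing on its own conceals only bit positions; the text combines it with op code translation, inserted errors and camouflage bits.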
Instruction Buffer Interdependences 

Since the blocks of instructions are larger than they need 
to be, interdependences between bits of separate instruc- 
tions can be provided so that the CPU 11 may check these 
dependencies for conformance to criteria, shared by the 
compiler 41 and the CPU 11. FIG. 5 shows how interde- 
pendences are checked in the instruction buffer. 
FIG. 5 is a block diagram of the instruction buffer 51 and
a check logic system 39 according to the invention. The
check logic system 39 provides an instruction interdependency
check between data provided from the multiple registers
53-57. By combining key bits and serial number bits
with selective outputs from the multiple registers 53-57 it is 
possible to provide a verification of the authenticity of 
information being transferred through the instruction buffer 
51. Different bits stored within the multiple registers 53-57 
may include instruction op code bits (represented by I), error 
correction code instructions (represented by E), sequencer 
reset codes (represented by S), and validate dependency bits 
(represented by V). In addition, since there are more bits 
within the multiple registers 53-57 than required for trans- 
ferring operation instructions, it is possible to provide cam- 
ouflage bits (represented by C), which make it increasingly 
difficult to resolve the stored bits of information from the 
shift registers to a decoding algorithm. 

Fetches from external memory are in blocks of b words, 
where b is a number between 2 and 32, usually. Not all of 
the fetched bits are used. This causes confusion for adver- 
saries who try to interpret the behavior of the chip from its 
pins, without observing internal signals. Some of the bits are 
there for camouflage so an adversary may waste time 
analyzing them. Some bits just separate useful bits so that
adversaries cannot tell which bits should be combined to
compose an op-code. One encrypted op-code may have bits
in more than one 128 bit instruction in the instruction buffer. 

Instruction block sizes are larger than a predetermined 
minimum size for performing computational functions of the 
CPU chip 11. Programs compiled to execute on the CPU 11 
are compiled in a manner to utilize block allocations of 
instructions according to a key. Since the blocks of instruc- 
tions are larger than they need to be, interdependences 
between bits of separate instructions can be provided so that 
the CPU may check these dependencies for conformance to 
criteria shared by the compiler 41 and the CPU 11. 
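The interdependency check of FIG. 5, sketched as an added example (not code from the patent): the compiler side computes validate dependency (V) bits as keyed parities over bits drawn from all four buffer entries, and the check logic recomputes them from the key and serial number. The SHAKE-256 expansion, the placement of the V bits in the top 8 bits of each entry and the sample block are assumptions.

```python
import hashlib

REGS = 4                                  # instruction buffer entries
REG_BITS = 128                            # width of each entry
V_PER_REG = 8                             # assumed: top 8 bits of each entry hold V bits
V_MASK = (1 << V_PER_REG) - 1
PAYLOAD_BITS = REG_BITS - V_PER_REG       # I, E, S and C bits of one entry
PAYLOAD_MASK = (1 << PAYLOAD_BITS) - 1
TOTAL_PAYLOAD = REGS * PAYLOAD_BITS
N_V = REGS * V_PER_REG                    # 32 V bits per block


def derive(key: bytes, serial: bytes, label: bytes, n_bits: int) -> int:
    """Expand key and serial number bits into n_bits (SHAKE-256 is an assumption)."""
    raw = hashlib.shake_256(label + b"|" + key + b"|" + serial).digest((n_bits + 7) // 8)
    return int.from_bytes(raw, "big") & ((1 << n_bits) - 1)


def selection_masks(key: bytes, serial: bytes) -> list:
    """One keyed bit-selection mask per V bit, each spanning all four entries."""
    masks = []
    for j in range(N_V):
        mask = derive(key, serial, b"mask%d" % j, TOTAL_PAYLOAD)
        # Force every payload bit into at least one mask so no bit goes unchecked.
        for position in range(j, TOTAL_PAYLOAD, N_V):
            mask |= 1 << position
        masks.append(mask)
    return masks


def dependency_bits(block: list, key: bytes, serial: bytes) -> int:
    """Compute the V bits as keyed parities over the payload of the whole block."""
    joined = 0
    for r, word in enumerate(block):
        joined |= (word & PAYLOAD_MASK) << (r * PAYLOAD_BITS)
    offsets = derive(key, serial, b"offset", N_V)
    v_bits = 0
    for j, mask in enumerate(selection_masks(key, serial)):
        parity = bin(joined & mask).count("1") & 1
        v_bits |= (parity ^ ((offsets >> j) & 1)) << j
    return v_bits


def seal(payloads: list, key: bytes, serial: bytes) -> list:
    """Compiler 41 side: write the V bits into the top bits of each entry."""
    block = [p & PAYLOAD_MASK for p in payloads]
    v_bits = dependency_bits(block, key, serial)
    return [word | (((v_bits >> (r * V_PER_REG)) & V_MASK) << PAYLOAD_BITS)
            for r, word in enumerate(block)]


def check(block: list, key: bytes, serial: bytes) -> bool:
    """Check logic 39 side: recompute the V bits and compare with the stored ones."""
    stored = 0
    for r, word in enumerate(block):
        stored |= ((word >> PAYLOAD_BITS) & V_MASK) << (r * V_PER_REG)
    return stored == dependency_bits(block, key, serial)


# Constructed sample values, not taken from the patent.
KEY = bytes.fromhex("00112233445566778899aabbccddeeff")
SERIAL_A = b"chip-A-0001"
SERIAL_B = b"chip-B-0002"
PAYLOADS = [0x0123456789ABCDEF0FEDCBA98765 + i * 0x1111 for i in range(REGS)]

if __name__ == "__main__":
    block = seal(PAYLOADS, KEY, SERIAL_A)
    print("untouched block on chip A :", check(block, KEY, SERIAL_A))
    flipped = [block[0] ^ (1 << 17)] + block[1:]
    print("one bit flipped           :", check(flipped, KEY, SERIAL_A))
    print("same block on chip B      :", check(block, KEY, SERIAL_B))
```

The parities are linear in the instruction bits, so this models a parity-like cross-check between entries rather than a cryptographic authentication code.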
Logic Architecture that Comprehends Physical Implementation in a CPU

Referring to FIG. 6, a prior art CPU 131 may include 
specific regions for random access memory (RAM) 133, 
read only memory (ROM) 135 and a non-volatile memory
such as E²PROM memory 137. The purpose of the different
types of memory 133-137 may be varied, although RAM
133 is typically used for program manipulation, while ROM
information 135 is used for fixed data. E²PROM is less
easily manipulated because of the time it takes to write to
E²PROM, and is used for program action instructions and
other data which is written to the CPU 131 at one time or
on an occasional basis.

Referring to FIG. 7, each memory type used on the 
invention (RAM, E²PROM, PROM, ROM, anti-fuse, fuse,
laser-link) appears in several distributed block sizes in the 
physical layout, including for example 1 bit memory ele- 
ments which are used in logic in a static way. According to 
the invention, there are hundreds of distributed single bit 
memory blocks used to comprise an entire memory unit. The 
CPU 141 can include a 16 bit block of memory used to 
control reconfigurable logic according to the invention and 
the memory can be in larger n bit arrays, as is normally seen 
on ICs. This tactic increases the complexity of the work that 
an adversary must perform. The distribution of memory on 
a CPU is such that the various forms of memory are widely 
distributed. Thus, various distributed segments of the CPU 
141 are allocated for RAM 143, ROM 145 and E²PROM
147. This provides several advantages: 

1. Multiple applications which use one CPU may have
separate memory blocks. This provides more secure
separation of information than if only one memory
block were to be used to hold information for multiple 
applications. 

2. In order to provide keyed information and instructions 
which are particular to a specific CPU 141, the instruc- 
tions are written at multiple locations. Thus, the modi- 
fied instructions for performing an operation under one 
particular variant of a program may require instruction
changes at various stages within the CPU 141.

3. By locating memory used to reconfigure the CPU 141 
at different locations, it becomes more difficult to 
analyze the CPU to determine which specific codes are 
provided to the CPU 141. 

The configuration of the logic architecture is varied 
according to keys which are used to encrypt the software and 
to operate the deconvoluting operational logic of the CPU 11
according to the invention. Software compiled according to 
the keys is implemented so as to accommodate these 
changes. This allows variations in memory block size and 
layout, as well as variations in pipeline use. Since each CPU 
11 could be provided with a different key, the software 
compiled according to one key would not work with a CPU 
varied according to a different key. 

The keys are preferably programmable in non-volatile 
memory, such as E²PROM (erasable programmable
read-only memory) cells on the chip. The IC can hold many keys
and they can be erased and re-programmed many times. The 
chip manufacturer need not know any of the keys on the 
chip. The user has possession of the chip's security 
capabilities, and can decide whether to accept or reject 
conditions established by software licenses. In other words, 
the user can purchase a microprocessor chip with all keys in 
a blank state, and then optionally load keys or not load them. 

Normally, the user will never need to load a secret key, but 
only public keys. The user also has the option of loading 
secret keys, instead of using the internal key generation 
procedure, described in the next paragraph. There is no 
function available to read keys out of the microprocessor 
chip after they have been stored in non-volatile memory, but 
an authorized user can erase all of the keys. The trustworthiness
of the IC manufacturer is not provable, but it is a goal
of this design to include no hardware on the IC that provides 
a back door for the manufacturer to use. Software can be 
loaded into the chip to perform secret functions that are not 
provided by any special hardware, but no software has the 
power to control all of the hardware. 

The keys for the IC and the compiler 41 may be chosen 
at random and given to the compiler 41 and IC by secure 
means. However, the following description is one in which 
the IC creates the keys. The keys are generated by an on-chip 
random number generator and are kept temporarily in RAM. 
A public key for a software vendor is entered into the IC and 
the key is encrypted with that public key. This encrypted key 
is sent to the software vendor so that a purchased program 
can be compiled to produce instructions that will only be 
executable by the IC that created the key. The IC uses the 
key to produce the custom instruction decoder functions by 
programming non-volatile memory cells in the instruction 
decoder. The IC then expands the key into an "expanded 
key" and stores this expanded key in non-volatile memory 
cells around the IC. These bits of the expanded key control 
switching circuits, reconfigure logic, and in general, cus- 
tomize the IC to implement all of the security features 
described in more detail in the remainder of this text and 
figures. 

The keys will be made partly from unalterable ROM, and 
partly from PROM which can be programmed. In addition, 
E²PROM memory which can be erased and rewritten can
hold some of the key bits. By using more than one memory
technology and more than one memory location to hold key
bits, it makes it more difficult for an adversary to discover all
of the bits of the key.

The inventive arrangement focuses on two levels of 
vulnerability for ICs: the pins on the IC package and the
internal signals on the IC inside the package. According to
this aspect of the invention, a microprocessor has its
conductors allocated and its logic reconfigured into a scrambled
arrangement, depending on a key. It can operate on ordinary
data in ways that are so different from other copies of the IC
that most adversaries are prevented from learning valuable
information about the keys, about some ROM bits, and
about the instructions. Those adversaries who do learn that
information may often be prevented from profiting by that
information by techniques that further vary the operation of
individual CPUs. Additionally, the data operands and
results, which are not encrypted, have their usefulness
obscured to adversaries. Data encryption can also be used as
a higher layer of protection.

This aspect of the invention uses a microprocessor that is 
being scrambled to process standard data. The architecture is 
designed with the physical layout in mind, but it does not 
depend on that level of detail. This architecture brings
together the need of the end user with the planning of a
microprocessor architecture, so that implementors have the 
framework of security upon which they can specify detailed 
implementations which comprehend past security attacks. 
Instruction Result Obfuscation 

It is possible for the CPU 11 to have its logic gates
configured to perform variable logic instructions. The logic
gates may be reconfigured according to a key. Even though
the instructions may be coded to obscure their meanings, the
instructions still specify ordinary operations such as AND,
OR, ADD and COMPARE. So to make these operations
more difficult for an adversary to recognize, measures will
be taken. The logic gates which calculate the result of each
basic operation will be variably allocated from several
possible sets of logic gates. Also, the result of the basic
operation will be made more obscure than is normally done.
The operands that are used as inputs to the logic for the basic
operations can be in two different formats, so an adversary
has a difficult time understanding what is going on. This is
a tactic called plausible wrong answers. In this plan, two
correct operands and two plausible wrong operands are sent
to ADD circuits. Two answers are calculated, a correct
answer and a plausible wrong answer. These two results are
then sent to separate other circuits for further buffering or
manipulations. This bifurcation, when combined with large
data output block size, introduces some uncertainty into the
analysis done by adversaries. Plausible wrong answers may
be included in data output blocks, but would not be used by
external devices which are compliant with this scheme.

Referring to FIG. 8, there is shown a diagram of CPU 11
comprising various ROM bits 141 including serial number
information 143, and reconfigurable logic 145. Having the ROM
bits 141 distributed about the integrated circuit CPU 11
has the advantage that different controls for the CPU logic
can be located at different locations. Thus, if a portion of the
logic is reconfigurable, then the actual function of that logic
can be more readily controlled by the ROM. In addition, it
is possible to mix depletion mode and enhancement mode
bits in ROM 141, so that a visual analysis of the CPU 11
does not reduce to a clear analysis of the status of various
logic gates and bits.

FIG. 9 shows the logical operation of obfuscation of logic
executed by the CPU and illustrates how instruction results
are obfuscated. By the use of reconfigurable logic gates as
described in connection with FIGS. 1-2, one is able to
provide a combination of correct and incorrect answers for
each logical operation. Thus, if an operation is defined as
using operands A & B, multiple operands can be provided,
thus resulting in correct answers, as well as incorrect
answers. The purpose of this invention is to make it more
difficult for an adversary to gain valuable information by
observing signals on ICs. Since instructions are never
decrypted into ordinary codes, this is an advancement over
earlier chips that have adversaries.

The issue arises about recognizing instructions by the
actions taken by the ALU pipeline in response to the
nonstandard instructions and data formats. For example,
there may be an instruction called AND which takes two
operands and calculates the bit wise ANDing result. So
someone may expect it to be easy to recognize the
instruction by its result. Therefore a technique proposed in this
invention is to design logic which is difficult to interpret. In
this example, the logic dedicated to the AND function would
be configurable into a variety of forms depending on the key,
so two different chips would usually have different logic
gates allocated to perform the function. Also, a variety of
result storage gates would be available to be allocated to
hold the result of the ANDing of the operands, and the key
would determine which gates are the ones which are used on
a particular IC with a particular key.

This variability of logic gate allocation for instruction
execution and result storage will make it more difficult for
an adversary to understand the operations which take place.
False result gates will be allocated to hold wrong results
after the instruction is executed to baffle adversaries.

The two data operands can have different data formats
(different numerical representations) and the ADD logic
gates will take these differences into account to produce a
correct answer. Similar techniques for SUB, MULT, etc.
(standard instructions) will provide variable allocations of
logic gates for different ICs depending on the key. This
multiplicity of key-dependent logic implementations for
standard logic and arithmetic operations will increase the die
size but even more, it will increase the difficulties for
adversaries to profit from signal observations.

The CPU 11 is provided in which its logic design is
variable, and when a program is provided for use in the
particular computer, the program is compiled in accordance
with the architecture supplied by the microprocessor.
Therefore the microprocessor has a variable instruction set, at least
with respect to which functions are generated by which
program sequences in object code.

The variability is established by and is supplied to the
CPU 11 in memory stores established by E²PROM, ROM
and RAM memory on the CPU 11. Thus, when a program is
provided for use in the particular computer, the program is
compiled in accordance with the architecture supplied by the
CPU 11 as determined by the key. Therefore, the CPU 11 has
a variable instruction set, at least with respect to which
functions are generated by which program sequences in
object code. The architecture of a particular chip may be
established during the logic design of the chip, thereby
defining the architecture for each CPU chip independently.

ROM Implementation

The ROM will hold a serial number, key fragments,
customized switch bits, and ordinary microcode. Key
fragments are about 8 bits of ROM that are appended to the rest
of the key that is stored in programmable memory. Custom
switch bits are ROM cells which control inputs to
multiplexers and logic gates so that signal routing for logic gate
allocation will be partially controlled by these bits.
Microcode is commonly used on ordinary microprocessors for
general purposes.

Wafer masking techniques usually use "reticles" which
can have one or several IC images on each reticle; 4 to 16
ICs per reticle are common. This means that 16 ROM
versions can be defined for each silicon wafer. All wafers
from a fabrication run will have the same reticles. The 16
ROM versions can have 16 key fragments present, each 8
bits in size. These key fragments would be on the lowest
planar level on the physical IC.

The key will not be limited to the lowest layers of the IC
structure, as some of the ROM bits should be. Some low
level ROM bits will control the allocation of some logic
gates. The values of these secret ROM bits are directly
mapped to the ROM serial number which is partially made
public. So not every chip made according to the invention is
the same, even disregarding the keys stored in E²PROM
cells. If there are 16 versions on a wafer, then many wafers
will share the same 16 ROM codes. ROM bits may be in
arrays or in a single bit configuration so that they are
scattered around the die to customize logic in ways that are
revealed by the serial number. In this way there appears to
be 16 different IC designs due to the reticle design
mentioned earlier. FIG. 8 illustrates where the ROM sections
may be placed on the IC.

Preferably depletion implant ROM processing will be
used because this is known to be difficult to observe visually.
A depletion device usually is an n-channel MOS transistor
that has a negative threshold voltage. The purpose is to use
two non-volatile memory technologies to store information
which reallocates logic gates to form the CPU. By using
depletion ROM as one of those technologies, some signals
can remain only on the lowest planar conductor layers of the
IC structure. This makes it more difficult for some
adversaries to measure the states of the logic.

The invention makes use of reconfigurable logic
pervasively. This reallocation of logic gates under control of the
key bits and ROM bits is largely what makes this idea
valuable. This makes it difficult for adversaries to profit from
signal measurements.

Serial Number Utilization

Serial numbers are sometimes sent in public view, and
keys are normally secret. Each chip will have a unique serial
number which is partly stored in ROM and partly stored in
E²PROM. The serial number is sent to the compiler 41 so
that the ROM hardware customization bits will be specified.
For example, if 16 ROM versions are produced, as
previously described, then there will be 16 ways in which logic
hardware will be allocated under control of the ROM codes.
The serial numbers stored in ROM will also have 16 values
coded in as little as 4 bits. This is one reason for having a
serial number.

A second reason for having a serial number is to uniquely
identify an IC without using cryptography.

A third way to use a serial number is to encrypt it using
a public key and then sending it to the owner of the public
key to be interpreted.

Optionally, this invention uses a new technique called the
"partial serial number strategy." This strategy is to never
show the whole serial number in public, but to only show
part of it. The serial number may have 128 bits, for example.
Which part of the serial number is shown is under control of
some key bits. By using only a part of the serial number,
hundreds of partial serial numbers can be derived from only
16 ROM serial numbers, without even using the
programmable E²PROM sections of the serial numbers. The
compiler owner has secured copies of the 16 whole serial
numbers so the compiler owner can compare partial serial
numbers with sections of whole serial numbers. When a
match is found, the compiler owner knows which serial
number the partial serial number came from. The serial
number is needed for the compiler 41 to produce software
which comprehends the state of the IC logic. Some parts of
the ROM are not serial numbers but they are secret bits
which allocate some logic gates. How these gates are
allocated is under control of only the ROM, and these gates
should only occupy the lowest layers of the IC structure.

The "partial serial number strategy" is intended to
increase the complexity of the task facing adversaries who
only observe information that is intentionally sent from a
CPU chip. By using only a partial section of the serial
number for each IC, hundreds of different CPU chips will
send unique serial numbers based on only 16 ROM versions.
Other sections of the serial numbers only will come from
E²PROM cells, and so, they are unique to each IC. One
example of how the key may select parts of the ROM serial
number is to report the serial number after ignoring the first
m bits of it, where m is a function of the key. Other ways
may skip odd bits in the serial number and report only even
bits, where that choice is determined as a function of the key
(for example a cryptographic hash of the key).

Adversaries may record and replay serial number
fragments which are not valid for their CPU ROM and key
combination. If they are sent software, then it is likely that
it would not be usable on their CPU chip.

Networked Interactions

The invention can be programmed to require a handshake
with a server to allow continued operation, or it can be put
in stand-alone mode. FIG. 10 is a diagram of CPU 11
showing the use of satellite access flags
distributed at various physical locations on the CPU 11
according to the invention. By placing various flags at
different locations on the CPU, it is possible to provide a
control function which is varied in accordance with the
specific flag at that point.

Referring to FIG. 11, the key can be changed remotely and
new data formats and new software may be needed to
continue operating. The CPU 11, located in the user's
computer device 171 receives the key from a key server 173
and that key is functional for that particular CPU 11. The
user is able to obtain the key from a key server 173 for
storage in key memory 175 via a public network 177 such
as the internet or a satellite broadcast. The key is only
functional when applied to the CPU 11 having a particular
identifier 179. This permits program information to be made
freely available from a program server 181, and may also be
transmitted through public network channels, such as
network 177. By the use of public key cryptography, the use of
the key is secure. Other users, represented by blocks 185
have access to the program information from the program
server but must obtain corresponding keys to make use of
that program information. Physical protection of the key is
easier than physical protection of programs, but if a key is
discovered by an adversary, networked handshaking can
make that captured key useless.

Various plans can be created to discover the existence of
captured keys, and to deal with pirates in subtle ways,
without their knowing they have been detected. While an old
key can be programmed into the inventive IC to use an old
program with old data, new programs and data formats for
new keys will not be useful to pirates with old keys.

Referring to FIG. 12, the CPU is able to require updating
of the key for continuous operation. On program start,
represented by block 201, the program checks for a key
expiry event, represented by block 203. The key expiry
event could be any convenient event, such as time of usage,
real time or number of uses. If the key is fully updated, as
represented by box 205, the execution of the program is
continued uninterrupted, as indicated at 207. If an update
needs to be made in the near future, the user is notified
(block 209) to initiate key retrieval, shown at block 211.
Alternatively an automatic update is initiated, as indicated
by dashed line 213. If the key is not updated, the program is
terminated, as indicated by blocks 215 and 217. Therefore,
if the key is current but nearly expired, the user is warned or
a key retrieval operation is initiated. If the key is updated, as
represented by block 219, the program operation continues
according to the decision at block 205.

Instructions versus Data

Data and instructions are two different categories of
information and this invention is designed to use encrypted
instructions regardless of the data format. It is emphasized
that instruction encryption is the primary purpose of this
invention, a second purpose is to scramble on-chip logic,
memory, and signal allocations, and that data is either
unprotected, or given some small protection which does not
involve data encryption. This invention is not about data that
is being scrambled by a standard microprocessor, it is about
a microprocessor that is being scrambled to process standard
data.

On the chip, there will be RAM for data and RAM for
instructions. Some of the bits in those memories will be
there to obfuscate the code, thereby confusing attackers. For
example, if two numbers are added, the two operands can
have extra bits that are not used. The result of addition in the
arithmetic logical unit (ALU) can have extra bits of
erroneous information that are stored into the data RAM. This
randomizes results within the processor so the attacker may
not be able to deduce whether addition occurred, or if the
operation was subtraction, or EX-OR or other possibilities.
In addition, the data memory mapping would become
different for different chips.

There is an option to use a standard instruction set for an
ordinary computer language with non-standard data
representations. This provides an ability to perform mixed
operation, in which standard op-codes are combined with
variable data representations. Therefore there are four ways
to operate: first, with standard instructions and standard data
formats; second, with encrypted instructions and standard
data formats; third, with standard instructions and
non-standard data numeric representations; and fourth, with
encrypted instructions and non-standard data numeric
representations.

Dynamically Varying Data Representation

According to a further aspect of the invention,
dynamically varying representation is used for data processed in a
CPU. The dynamically varying representation is still usable
in arithmetic and logical operations without being
decrypted. There are many ways to represent numbers, and
the inventive CPU hardware design will have apparatus to
operate on these multifarious representations, in
coordination with the compiler 41. The compiler 41 creates a
schedule for varying the numeric data representations, and
the chip follows this schedule to use the data correctly.
Examples of the proposed numeric representations are:

1. Data represented in Residue Number Systems can use
the Chinese Remainder Theorem to provide
calculations which some adversaries will find difficult to
understand. For example, a number can be broken
down into three parts under three secret moduli. The
key would hold information on the three moduli,
without which, the number cannot be easily re-assembled.

2. Radix conversions

3. Redundant Number Systems

When results are written to external memory, they are
written in blocks of w bytes, where w is from 1 to 32 usually.
Not all of the results in this block are correct or useful
results. Some results are correct results for a wrong
operation to give an adversary the appearance of a behavior which
is not the behavior which is used in the program. This will
increase the difficulty of the task of an adversary who seeks
to understand relationships between instructions, operands,
and results. For example, if two input data operands are
added, the data output block can contain both the sum and
the difference so an adversary may not know what
instruction was used to produce the answer. The key would
determine the location of the correct answer. The destination
for the output data block would need to have some
coordination to determine which parts of the output data block are
correct.

Pipelined Architectural Implementation

Some microprocessors use pipelining of the arithmetic
logical unit (ALU) to obtain better performance. In this
example, which uses a pipeline with 6 stages, it will be
demonstrated how to implement some of the features of this
invention into a pipelined architecture.

Each stage of the pipeline will contribute to the
techniques which make the inventive CPU useful. The 6 stages
are labelled: fetch, decode, register, execute, cache,
writeback. Also, the Instruction Cache has a line size of 128 bits,
which is the same as the instruction size of the preferred
embodiment.

In the Fetch stage of the pipeline, the instruction buffer
holds four entries and the compiler 41 can use this buffer
arrangement to provide interdependencies between
instructions in groups of four to increase the complexity for any
attacks that may be attempted. Bits of instructions in the
instruction buffer are set to cross-check each other in a
manner similar to parity checking. At this stage of the
pipeline, hardware can check different bits in several instruc-

watchdog timer, which the program is required to write
during the cache stage. At the security cache, any
discrepancies which may have occurred earlier are noted, an audit
may be performed, and flag bits set. At this point, it is not
necessary to notify the user because the user may or may not
be an authorized user of the software.

The Writeback stage of the pipeline may initiate a server
handshake. At that point, information regarding security
flags may be transmitted back to the server.

In the inventive CPU, instruction op codes are provided in
such a pipeline architecture, and an information key is
established. The information key provides instruction
security commands in the multiple steps of the pipeline
architecture, and an arithmetic logic unit (ALU, part of the
logic 13 shown in FIG. 1) provides variability of logic
circuitry for program execution. The execution can be
performed using encrypted op codes or using standard op
codes that provide standard instruction operation types.

Compiler Interactions

The compiler 41 will be designed to comprehend all
aspects of the CPU 11 implementation of the architecture
described for this invention. The key that is shared with the
compiler 41 and the CPU 11 determines operating
characteristics of the program counter, sequencer, wire crossings
for the instruction buffer, interdependences in the
instruction buffer, error correcting plans, data representations,
instruction encryption, output block size, memory
allocation, secure memory partitioning, and all other details
needed to use functions on the CPU 11.

There is more than one way to implement the invention,
so more than one compiler type may be needed. In particular,
the key can have two sections: one for controlling instruction
encryption and execution, and another for controlling
unrelated hardware reconfigurability. In other words, the
compiler 41 must be able to use a key so that a single encrypted
instruction stream is available to many ICs which have
different physical memory allocations, different result
obfuscation circuit allocations, and various other reconfigurable
logic resources which do not interfere with the execution of
a common encrypted instruction program used on many ICs.

tions to verify the validity. Then the invention would be able to thwart power analysis 

The Decode Stage of the pipeline usually allows instruc- techniques that seek to discover the key. Each time a smart 

tion folding, but this can be changed to allow instruction card cryptographic key is used in a transaction, logic could 

buffer dependency checking, to compose error correcting be re-allocated so that power use would change, 

codes from the key and instructions, and to re-arrange bit 45 Key Management 

substrings in the wide instructions to make decoding more Key distribution could be handled securely by a variety of 

efficient and to display camouflaging behaviour to any means. In a preferred embodiment, each chip has a public 

unauthorized observers. Errors in the instructions will be serial number. A second number, the Key, could be provided 

corrected at this stage. In addition, it is possible to include by a Random Number Generator (RNG) on the CPU 11. The 

camouflaged bits in the instructions. The camouflaged bits 50 RNG may use the principles described in U.S. Pat. No. 

may then either be stripped, or checked by separate circuitry 4,694,412 "Random Number Generator for Use in an 

in order to determine the existence of the camouflaged bits. Authenticated Read-Only Memory", to Alan Folmsbee. This 

The Register stage of the pipeline will be involved with RNG uses several oscillators with capacitive feedback from 

using the variable numeric representations. Type checking of the random number to alter their frequencies. This RNG also 

data will important to using the correct arithmetic operations 55 has small local heaters that turn on and off at irregular 

on the operands involved. This stage will also perform error intervals to provide unique thermal histories for each session 

correction on data. of key generation. Thermal noise and radioactive decay also 

The Execute stage of the pipeline may involve Object provide randomness. A key is generated by this RNG and it 

Field manipulation. Object Fields can have data that is is stored in non-volatile memory. The RNG may also create 

scrambled before they are presented to the CPU chip. During 60 more serial number bits to be stored in programmable 

the Execute stage, data can be unscrambled before being memory. In this way a user can customize the serial number, 

operated upon arithmetically. This makes the data less for added flexibility. 

usable outside of the setting of the inventive CPU. The public key of the software company is loaded into the 

The Cache stage of the pipeline writes audit information microprocessor chip as used in this invention. The Key is 

to a security cache which is not normally visible to unau- 65 encrypted with that public key. The encrypted Key and the 

thorized users. Also, there is one extra register that is visible serial number are sent to the software company. The soft- 

to users, and which can have various uses, such as a ware company decrypts the encrypted Key with its private 
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key and examines it to determine if it has acceptable set-top box for satellite TV. A tiny Card Operating 

statistical properties. If it passes those tests, the software System in this case would be coded for the key and 

company uses that Key to encrypt the purchased software would be held on the chip. 

with the algorithm that the invention requires. The software 2. The chip is in an open system such as a PC or 

company sends the encrypted software to the customer. That s workstation where an Operating System (OS) is not 

software will only be executable on one microprocessor using a key. 

chip; that is, the one that generated the random Key. The first situation is the easiest to deal with. This will be 

The CPU U can have a large number of Keys stored in where the CPU 11 is dedicated to one embedded situation 

E 2 PROM cells so that software may be executed. The where it uses one key for a long time. It can have its key 

software may therefore execute instructions from many io changed by re -programming E 2 PROM cells. Then it uses the 

sources using different Keys. Each Key is comprised of new key for a long time. 

multiple bits which alter the instruction decoders, obfusca- The second situation can use a null key (all zeros) where 

tion circuits, and the arithmetic logic unit (ALU). The the OS uses ordinary op-codes for its work, and then the 

software is not decrypted before execution, but selected secret key bits are used for the variable instruction set for 

software bits will be routed by "keyed wiring" to supply the 15 non-OS tasks. On-chip memory is partitioned so there is a 

correct instruction, data, and address bits to the correct section which the OS cannot access because it is only used 

circuit blocks. for programs running under the key. When implemented for 

There would be a facility for the software to alter its own this scenario, the E 2 PR0M cells holding the key bits are 

key under certain circumstances. For example, the software implemented as Non- Volatile RAM cells (NVRAM) where 

license may require monthly payments to be made. If the 20 a default key bit is stored in the E 2 PROM cell section of the 

payments are not made, the software can alter the internal NVRAM cell, and a variable key bit may be written into the 

key. To accomplish this, a permission code may be required RAM section of the NVRAM cell. This RAM section may 

to be downloaded from the Internet before the program is be all zeros, so it uses standard op -codes such as Java byte 

run a predetermined number of times. The chip sends an codes, or it can be a volatile key so that the chip will use 

audit code to the software company and then the permission 25 non-standard instructions from a coded OS. 

code is sent from the software company which is a custom- There can be two programs interleaved (or more than two 

ized number for each microprocessor chip for one program. if the added expense of IC real estate is provided to allow 

The intent is that the customized number permits the soft- several keys to be ready for use at any time). One program 

ware to be used by one user. The chip may give warnings can use the default key in the NVRAM cells and then, with 

about impending key modification, so the user has plenty of 30 little delay, the key bit value in the RAM part of the 

time to get the permission code. While the program is NVRAM cells can become the controlling key bits, 

running, a real- time-clock emulation program can keep When one key is in effect, the logic gates are allocated to 

clock time so that it can tell when a time period has expired form a microprocessor under that key's command. When 

since me program was started. That is in addition to the limit another key is put in effect, the instruction decoder is 

of times the program can run without a new permission 35 re -programmed to respond to the other instruction set. For 

code. A clock frequency detection circuit can detect whether this purpose, where switching instruction sets occurs 

the clock is stopped or slowed too much. frequently, the instruction decoder should be controlled by 

Another circumstance may cause the software to erase its volatile RAM cells so that the endurance is not limited by 

own key; that is if the chip is being tampered with. The E 2 PR0M cell endurance. 

microprocessor chip as used in this invention can have light 40 One configuration which may be useful in that scenario is 

detectors or e-beam detectors that set off the alarm. It could the null-key configuration, with which standard op-codes are 

detect the presence of probe capacitances, broken metal used for standard OS or other purposes. No security is lost 

lines, and irregularities in bond-pad inductances. A silent when switching to a null-key because the on-chip memory 

alarm might cause a prompt to appear, for the user to send is partitioned to prevent the OS from reading memory 

another code to the software manufacturer in the manner 45 locations that are provided exclusively for the secret key. 

used for monthly billing audits. In essence, it is a silent The coded software under the key is not usable by the OS, 

alarm. The software company can then respond with some- so that does not need to be protected. Off chip memory is not 

thing other than the usual permission code. protected, and the program must be written to recognize this 

Key bits and access flags may be placed in certain fact, 

locations on a semiconductor die. A memory array of 50 When the switch is made from one key to another key, the 

E 2 PROM cells are used to hold the key bit. Numerous small state of the processor is saved to secure on chip memory 

arrays of E 2 PR0M cells are scattered around the chip at locations so that the state can be restored when the first key 

different locations. These bits are then used to store keys again comes into effect. 

which will be on different physical locations on the die. The CPU 11 uses the programmable instruction decoder 

Since the key bits are not always the same, each processor 55 to decode encrypted instruction op codes. The decoding is 

would be different. This means that the processor uses a accomplished without decrypting the op codes and logic 

variable instruction set, and different hardware on each gates immediately process data. The data representation 

individual chip will be activated upon execution of the changes during the execution, which has the effect of 

instructions. If address mapping is scrambled in a variable securing the program from analysis for decryption, 

way, each chip executing this same logarithm will be acti- $o A custom instruction set is provided for each CPU chip 11 

vated in a different way as a result of the hardware on the or groups of CPU chips. That custom instruction set would 

chip being activated in a different way. Protecting a key is be used by the software manufacturer to send a unique 

easier than protecting larger information sets. version of a mass produced program to a customer with a 

There are two common situations which deserve some microprocessor chip. The CPU is therefore programmed for 

explanation: 65 that custom instruction set. The length of each instruction, 

1. The chip is in an embedded environment in which all and the other features of this invention should be configured 

instructions are under one key, such as a smart card or to have cryptographically significant security when viewed 
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from the IC pins. Pirates who examine signals inside the IC CPU. As a result, there is no decrypted output of the 

will be deterred from success by the encryption techniques. software external of the CPU. By sufficiently protecting the 

A secret key is used by the IC and by the compiler 41 so that CPU from analysis during its operation, an attacker is denied 

the instructions produced by the compiler 41 are only a^ess to a decrypted form of the software and is further 
executable by an IC which has the same key. The key is 5 denied access to information with which to decrypt the 

stored on the IC in non-volatile memory and it controls the software. 

instruction decoder, reconfigurable logic, signal routing, A physical design for the CPU 11 can be done with 

error corrections to instructions, a scquenceT circuit, and mulu P* c la y ers f raetal ™ d ^d conductors so 

.... , j u i • -ru that e-beam analysis is more difficult. Conductors used in 

instruction buffer content interdependency checking. The ^ c > ^ ^ bc fonncd ^ ^ 

key also determines the program counter operations which 10 manner ^ fa ^ to le whQ Uce ^ ^ of 
would not be incremented in the usual manner. The key also JC voltageHCOntrast imaging, it is usually necessary to have 
controls instruction result obfuscaUon circuits so that com- a stockpiIe 0 f many ICs to etch back, cut apart, and to probe 
mon microprocessor results, such as the ANDing of two s0 that ICs mat are destroyed can be thrown away and be 
operands, are not easily recognized. The key controls rep laced by an identical IC. If each IC has uniquely pro- 
memory mapping in the I C so that physically fixed memory 15 gammed instruction sets, uniquely programmed address 
resources are allocated in different ways for ICs with dif- decoders, and uniquely programmed obfuscator circuits, 
ferent keys. then the pirate only gets one chance with one IC. If the pirate 

Optionally, data may be used in various numeric rep re- destroys one IC, she cannot get an identical IC to continue 

sentations which do not constitute encryption. These data her work. She would have to start over again. Multiple layers 

representations would be of varieties which can be imme- 20 of metal can be used to cover up lower levels of metal. In 

diately evaluated by logic circuits. The data resulting from addition, p or n type silicon diffused conductors can be used 

program execution would be output from the IC in blocks to hide signals below higher levels of interconnect, 

which are larger than usual block sizes so that adversaries It is further possible to implement the invention with a 

would have more difficulty in benefitting from knowledge of coprocessor in a system with an ordinary CPU. The output 

the data results. Data coding is of secondary importance in 25 of ^e inventive CPU is then provided to the user's com- 

this invention, while instruction coding is of primary impor- P utc [- £ one va /f 10I V of «™m<m. the inventive CPU 

tance. The varying data numeric representations are not wou d be 1™** w * mul ^ A ^ " ? 3 ^ key / 

expected to provide much security from highly skilled and ke f ^ h f e ch ™& d at d , lfferent P^oojc rates, such 

y I * | . 1 1 i i as yearly, monthly and at lesser tune periods. While provid- 

experts but they are expected to preven unskilled adver- . > ind £ idual k / for individual C PUs, the ability of an 

saries from understanding the data. This technique raises a 30 J y attempting to decrypt the software is limited to the 

barrier against some . adversaries, without using data encryp- lQ use ^ ]af m Qn ^ ^ cpu> 

turn. The compiler 41 will be notified by ^means of the key aQ abi% {Q use ^ ^ fam Qn a 

distribution information, of the variable data numenc rep- different CPU 

resentations so that it will compile instructions and data {{ shouM 5e understood ^ various mod if lcat ions within 

which conform to the data representations which the IC is 35 ^ ^ of ^ inventk)n can be made by Qne of ord]nary 

prepared to handle. skm in ^ art without departing from the spirit thereof, 

The way instructions are executed an adversary attempt- lherefore . ( ig intended ^ ^ [nvQQ{ion be defined by the 
ing to pirate the software will have difficulty understanding of ^ ded claims ^ 5roadl ^ the rior arl win 

the results of instruction execution needed to reconstruct the f m[ &nd m yicw of ^ cification tf nccd bc< 

algorithm that the program implements. It is a goal of this 40 r What ^ c i a i med [ s - 

design to anticipate what pirates will try and to provide particularly configurable processor for processing 

measures which will thwart those expected tactics. Hie { * ^ which afe selectively operable on said 

microprocessor chip as used m this invention wdl have ^ M configurable processor, comprising: 
instructions, data, and addresses, as most computers do. The r JC - f i .• e i™,. 

RAM for instructions will also have bits in each instruction 45 a definm S a stora S e locat ™ l J 0T a k ^ A f 

that cause confusion for attackers, but which are ignored by an instruction decoder programmably configured for 
the instruction decoder. decoding encrypted instruction op codes when supphed 

In the past, secured embedded microcontrollers have witn kev information from said memory, without 

usually used standard microprocessor architectures and have decrypting the encrypted op codes into standard op 

attached security enhancing hardware around this core. In 50 codes; and 

the inventive configuration, the architecture is designed with circuitry for terminating decoding in the absence of timely 
physical security in mind so that security hardware features receipt of additional key information, 

are deeply embedded in the architecture, instead of around 2* The processor of claim 1, wherein the logic circuitry is 
the periphery of the architecture. reconfigurable, said reconfigurable logic circuitry calculat- 

One example of this plan is the way memory is used. Each 55 ing the results of execution of an instruction, 
memory type used on the invention (RAM, E 2 PR0M, 3- The processor of claim 2, wherein the logic circuitry 
PROM, ROM, anti-fuse, fuse, laser-link) appears in several calculates the results of the execution of an instruction 
block sizes in the physical layout. There is 1 bit memory including provisions for accepting correct data operands and 
which is used in logic in a static way. There should be plausible wrong data operands, 

hundreds of single bit memory blocks. There can be a 16 bit 60 4 - The processor of claim 2, wherein: 
blockof memory that is used to control reconfigurable logic. the key is stored in more than one memory cell type 
There can be larger n bit arrays, as is normally seen on ICs. including a Read Only Memory (ROM), an Electrically 

This tactic increases the complexity of the work that an Erasable Programmable Read Only Memory 

adversary may attempt. (E 2 PR0M), and a Random Access Memory (RAM); 

The execution of encrypted software is accomplished by 65 and 
modifying instruction sets in a CPU, thereby obviating the a serial number in ROM which participates in allocation 
necessity for decrypting encrypted software external of the of logic gates and routing of signals, and communi- 
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cated to the compiler to inform the compiler of custom 
allocation and routing. 

5. The processor of claim 1, wherein an output register for data results is able to contain both correct results and plausible wrong results, the results in word locations in the output register coordinated by the key.

6. The processor of claim 1, further comprising:
program instruction op codes provided in a pipeline architecture; and
an information key established as instruction security commands at a plurality of steps in said pipeline architecture, wherein an arithmetic logic unit (ALU) provides variability of logic circuitry for execution of encrypted op codes or standard op codes that provide standard instruction operation types.

7. The processor of claim 1, wherein:
the key includes bits optionally expanded into a larger set of bits which control the instruction decoder, signal routing, and logic gate reconfiguration; and
the key provides a capability of controlling signal routing, and logic gate reconfiguration.

8. The processor of claim 7, further comprising an output register for data results able to contain both correct results and plausible wrong results which are in word locations in the output register coordinated by the key.

9. The processor of claim 8, further comprising:
a plurality of reconfigurable logic gates able to calculate results of execution of an instruction;
said plurality of the logic gates including provisions for accepting correct data operands and plausible wrong data operands; and
said plurality of the logic gates including provisions for outputting correct results along with plausible wrong results.

10. The processor of claim 9, wherein:
a plurality of the memories are dispersed within a layout;
a plurality of reconfigurable logic gates able to calculate results of execution of an instruction;
said plurality of the logic gates including provisions for accepting correct data operands and plausible wrong data operands; and
said plurality of the logic gates including provisions for outputting correct results along with plausible wrong results.

11. The processor of claim 1, further comprising:
the key providing a capability of re-allocating memory resources and register resources;
a serial number in ROM which participates in allocation of logic gates and routing of signals; and
the serial number used in combination with the key in providing said capability.

12. The processor of claim 1, wherein variations of data numeric representations are coordinated by the key and the encrypted instruction op codes.

13. The processor of claim 1, wherein an instruction buffer contains logic which can route a subset of the instruction bits from bit location in the buffer to destination logic circuitry which reach a programmable instruction decoder and an instruction buffer interdependency checking logic block.

14. The processor of claim 1, further comprising:
logic circuitry configured to process data coded in various numeric representations and the logic circuitry able to accept results of the instruction execution using various numeric representations;
logic circuitry configured to immediately process said coded data; and
the data representation able to change several times during the execution of a program so that numeric encodings of input data operands and output data results can vary.
15. The processor of claim 1, further comprising:
program instruction op codes provided in a pipeline architecture; and
information keys established as instruction security commands at a plurality of steps in said pipeline architecture,
wherein an arithmetic logic unit (ALU) provides variability of logic circuitry for execution of encrypted op codes or standard op codes that provide standard instruction operation types.

16. The processor of claim 1, wherein the logic circuitry is reconfigurable and including provisions for outputting correct results along with plausible wrong results.

17. The processor of claim 1, wherein data and instructions are provided to a computer via program information includes an intentional introduction of errors which are correctable with error correction algorithms, said correction algorithms pre-selected according to the key.

18. The processor of claim 17, further comprising:
an instruction buffer which contains logic which can route a subset of the instruction bits from bit location in the buffer to destination logic gates which reach a programmable instruction decoder and an instruction buffer interdependency checking logic block; and
said correction algorithms pre-selected according to long instruction words and changed on a periodic basis by codes provided in the instructions gathered into the instruction buffer.

19. The processor of claim 18, wherein instruction buffer interdependency checking logic includes any combination of the following:
multiplexers to select a subset of bits from each long instruction word in the instruction buffer to be logically combined to match a sequencer value;
a sequencer incremented at times determined by the key and which is reset upon the occurrence of the sequencer reset code in the instruction buffer;
distribution of bits for one encrypted op code across several long instruction words in the instruction buffer;
distribution of several encrypted op codes around the long instruction words in the instruction buffer;
a program counter which does not normally increment by one, but which increments by some other constant or variable amount determined by a serial number, the key, and the sequencer value so that encrypted op codes which will be used sequentially in time do not occur sequentially in the instruction buffer, and for which, the time sequential chosen op codes are selected by the multiplexer controlled by the key, the serial number, and the sequencer;
error correction circuits controlled by the key, sequencer, and supplementary error correcting codes received from the instruction buffer by means of the multiplexers; and
dependency validation codes received through the multiplexer of the instruction buffer checked by logic circuits that depend on the key, the serial number, instruction bits, and camouflage bits.

20. The processor of claim 17, wherein dependency validation codes received through the multiplexer of the instruction buffer are checked by logic circuits that depend on the key, a serial number, instruction bits, and camouflage bits so that incorrect validation bits provide an alarm.

21. The processor of claim 20, wherein upon receipt of said alarm, interdependency checking logic writes an audit code and is capable of terminating program execution.

22. The processor of claim 1, further comprising:
a plurality of storage locations for keys, with the keys further determining storage locations of satellite keys and satellite access flags, said locations intentionally varied;
key-dependent storage of remote access approval flags, the remote access approval flags encoded so as to obscure the locations of said approval flags;
the instruction decoder programmably configured for using a null key for a default unencrypted instruction set; and
the instruction decoder programmably configured for selecting from any of several stored keys so that several independent encrypted and unencrypted programs may be executed sequentially by installing each different key when needed, which also reallocates memory and register resources that are securely partitioned from each other.

23. Method for processing computer programs selectively operable on one or more selected individual processors, comprising:
programming an instruction decoder to decode encrypted instruction op codes, without decrypting them into standard op codes;
using logic circuitry for requiring network handshaking; and
providing additional key information through the network handshaking, said additional key information required for continued operation.

24. The method of claim 23, further comprising:
using the reconfigurable logic gates for calculating the results of execution of an instruction;
the calculation of results of the execution of an instruction including accepting correct data operands and plausible wrong data operands; and
outputting correct results along with plausible wrong results.

25. The method of claim 24, further comprising:
using at least a portion of the reconfigurable logic gates for calculating the results of the execution of an instruction;
using said portion of the logic gates for accepting correct data operands and plausible wrong data operands; and
using said portion of the logic gates for outputting correct results along with plausible wrong results.

26. The method of claim 24, further comprising:
providing a key shared with a compiler;
encrypting standard instruction op codes with the compiler using the key; and
expanding key bits in the key into a larger set of bits which control the instruction decoder, signal routing, and logic gate reconfiguration.

27. The method of claim 23, further comprising:
providing program instructions in a pipeline architecture; and
establishing information keys as instruction security commands at a plurality of steps in said pipeline architecture, wherein an arithmetic logic unit (ALU) provides variability of logic gates for execution of encrypted op codes or standard op codes that provide standard instruction operation types.

28. The method of claim 23, further comprising using the logic circuitry for requiring network handshaking on a periodic basis.

29. The method of claim 23, further comprising using the logic circuitry for requiring network handshaking periodically based on time of a previous network handshaking procedure.

30. The method of claim 23, further comprising:
providing a key shared with a compiler, the key used by the compiler to encrypt standard instruction op codes into encrypted instruction op codes; and
using the key to coordinate the variations of the data numeric representations and the encrypted instruction op codes.

31. The method of claim 30, further comprising using the key to provide a capability of re-allocating memory resources and register resources.

32. The method of claim 23, further comprising routing a subset of the instruction bits through an instruction buffer to destination logic gates, which reach a programmable instruction decoder and an instruction interdependency checking logic block.

33. The method of claim 23, further comprising providing a choice of using encrypted instruction op codes or standard instruction op codes.

34. The method of claim 23, further comprising:
providing a key shared with a compiler;
encrypting standard instruction op codes with the compiler using the key; and
providing data and instructions to a computer via program information including an intentional introduction of errors correctable with error correction algorithms, said correction algorithms pre-selected according to the key.

35. The method of claim 23, further comprising:
providing a key shared with a compiler;
encrypting standard instruction op codes with the compiler using the key;
providing data and instructions to the computer via program information includes an intentional introduction of errors which are correctable with error correction algorithms, said correction algorithms pre-selected according to the key and long instruction words; and
changing the correction algorithms on a periodic basis by codes hidden in the instructions gathered into an instruction buffer.

36. The method of claim 23, further comprising:
providing dependency validation codes buffer checked by logic circuits that depend on a key; and
in the case of incorrect validation bits, providing an alarm.

37. The method of claim 33, further comprising writing an audit code in response to said alarm and terminating program execution.

38. The method of claim 23, further comprising:
using logic for requiring network handshaking; and
further using the network handshaking to provide additional key information for continued operation.

39. Method for compiling computer programs for operability on selected ones of individual processors, comprising:
providing encrypted instruction op codes for execution by an instruction decoder to decode without decrypting into standard op codes; and
providing additional key information through network handshaking, said additional key information required for continued operation.

40. The method of claim 39, further comprising:
providing a key shared with a compiler; and
encrypting standard instruction op codes with the compiler using the key.

41. The method of claim 40, further comprising using a serial number in combination with the key.

42. The method of claim 39, further comprising:
providing dependency validation codes; and
in the case of incorrect validation bits, providing an alarm.

43. A particularly configurable processor for processing computer programs which are selectively operable on said particularly configurable processor, characterized by:
variable logic circuitry able to execute encrypted op codes; and
logic for requiring network handshaking, the network handshaking further used to enable continued operation.

***** 
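The keyed decoding, the null key and the key-coordinated output block described above can be modelled in software. The following is an added example, not code from the patent: the four operations, the 8-bit op code, the 16-bit words and the use of SHA-256 to expand the key and serial number into control bits are all assumptions made for illustration.

```python
"""Toy software model of keyed op-code decoding with a key-coordinated output block.
Constructed for illustration; names, sizes and the SHA-256 expansion are assumptions."""
import hashlib
import struct

WORD_MASK = 0xFFFF
# Hypothetical ALU operations. All of them are evaluated for every instruction,
# so each output block holds one correct result and plausible wrong ones.
ALU = {
    "ADD": lambda a, b: (a + b) & WORD_MASK,
    "SUB": lambda a, b: (a - b) & WORD_MASK,
    "AND": lambda a, b: a & b,
    "XOR": lambda a, b: a ^ b,
}
OPS = list(ALU)                 # standard op code of an operation = its index here
BLOCK_WORDS = len(OPS)          # output block size w, in words
INSN = struct.Struct(">BHH")    # op code byte, operand a, operand b


def control_bits(key: bytes, serial: bytes, label: bytes) -> bytes:
    """Expand key and serial number into control bits (assumed expansion: SHA-256)."""
    return hashlib.sha256(label + b"|" + serial + b"|" + key).digest()


def encoding_table(key: bytes, serial: bytes) -> dict:
    """Op name -> 8-bit op code under this key; the null key selects standard codes."""
    if not any(key):
        return {op: i for i, op in enumerate(OPS)}
    # Key-dependent ordering of the 256 possible op code values.
    order = sorted(range(256), key=lambda v: control_bits(key, serial, b"op%d" % v))
    return {op: order[i] for i, op in enumerate(OPS)}


def correct_slot(key: bytes, serial: bytes, seq: int) -> int:
    """Word position of the correct result in the output block of instruction seq."""
    return control_bits(key, serial, b"slot%d" % seq)[0] % BLOCK_WORDS


def compile_program(source, key: bytes, serial: bytes) -> bytes:
    """Compiler side: emit keyed op codes directly for (op, a, b) triples."""
    table = encoding_table(key, serial)
    return b"".join(INSN.pack(table[op], a, b) for op, a, b in source)


class KeyedCPU:
    def __init__(self, key: bytes, serial: bytes):
        self.key, self.serial = key, serial
        # Programmable decoder: keyed op code -> operation, with no intermediate
        # translation back to the standard op code numbering.
        self.decoder = {code: op for op, code in encoding_table(key, serial).items()}

    def execute(self, program: bytes):
        """Return one output block per instruction, or None on an undecodable op code."""
        blocks = []
        for seq, (code, a, b) in enumerate(INSN.iter_unpack(program)):
            op = self.decoder.get(code)
            if op is None:
                return None
            decoys = [ALU[d](a, b) for d in OPS if d != op]
            slot = correct_slot(self.key, self.serial, seq)
            blocks.append(decoys[:slot] + [ALU[op](a, b)] + decoys[slot:])
        return blocks


def read_results(blocks, key: bytes, serial: bytes):
    """Destination side: use the key to pick the correct word out of each block."""
    return [blk[correct_slot(key, serial, seq)] for seq, blk in enumerate(blocks)]


if __name__ == "__main__":
    key, serial = bytes.fromhex("5a17c3d49e0b2f68"), b"SN-0001"   # constructed values
    prog = compile_program([("ADD", 7, 5), ("AND", 12, 10)], key, serial)
    blocks = KeyedCPU(key, serial).execute(prog)
    print(blocks, read_results(blocks, key, serial))
```

Every output block for the operands 7 and 5 holds the same four words whichever operation was requested, so an observer of the block alone cannot tell ADD from SUB; only the position chosen under the key differs.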
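The audit code and permission code exchange from the Key Management section, together with the termination of decoding when no permission code arrives in time, can be sketched as follows. This is an added example, not code from the patent: the message layout, the run limit of 3, the handshake counter that binds each permission code to one request, and HMAC-SHA-256 under the chip's Key are assumptions, since the patent does not say how the codes are computed.

```python
"""Toy model of the audit-code / permission-code handshake with a run limit.
Constructed for illustration; message layout and HMAC-SHA-256 are assumptions."""
import hashlib
import hmac
import struct

RUN_LIMIT = 3                       # constructed: runs allowed per permission code
AUDIT = struct.Struct(">8s4sIB")    # serial, program id, handshake counter, flags
TAMPER = 0x01                       # flag bit set when an on-chip detector fired


def tag(key: bytes, label: bytes, body: bytes) -> bytes:
    """Keyed tag over a message; the label separates audit and permission codes."""
    return hmac.new(key, label + body, hashlib.sha256).digest()


class Chip:
    def __init__(self, serial: bytes, key: bytes):
        self.serial, self.key = serial, key
        self.runs_left = RUN_LIMIT
        self.counter = 0            # advances on every accepted permission code
        self.tampered = False       # set by the on-chip detectors

    def _body(self, program_id: bytes) -> bytes:
        flags = TAMPER if self.tampered else 0
        return AUDIT.pack(self.serial, program_id, self.counter, flags)

    def audit_code(self, program_id: bytes) -> bytes:
        """Audit code sent to the software company: state plus a tag under the Key."""
        body = self._body(program_id)
        return body + tag(self.key, b"audit", body)

    def accept(self, program_id: bytes, permission) -> bool:
        """Check a permission code against the current request; constant-time compare."""
        expected = tag(self.key, b"permit", self._body(program_id))
        if permission is None or not hmac.compare_digest(permission, expected):
            return False
        self.counter += 1           # a replayed code no longer matches
        self.runs_left = RUN_LIMIT
        return True

    def run(self) -> bool:
        """One program run; False means decoding has been terminated."""
        if self.runs_left == 0:
            return False
        self.runs_left -= 1
        return True


class Vendor:
    def __init__(self):
        self.keys = {}              # serial -> Key received at key distribution
        self.paid = set()           # (serial, program id) with payments up to date

    def respond(self, audit: bytes):
        """Return a permission code, or None when the usual code is not issued."""
        if len(audit) != AUDIT.size + 32:
            return None
        body, mac = audit[:AUDIT.size], audit[AUDIT.size:]
        serial, program_id, _counter, flags = AUDIT.unpack(body)
        key = self.keys.get(serial)
        if key is None or not hmac.compare_digest(mac, tag(key, b"audit", body)):
            return None             # unknown chip or forged audit code
        if flags & TAMPER or (serial, program_id) not in self.paid:
            return None             # tamper alarm or lapsed payment
        return tag(key, b"permit", body)
```

Because the permission code covers the serial number, the program id and the counter, it is a customized number for one chip and one program, and a code captured from an earlier handshake is rejected.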






